Posted
by
timothy
on Tuesday January 17, 2012 @09:42AM
from the yes-but-where-are-the-perps dept.

An anonymous reader writes "Following reports of misconduct by Google employees in Kenya and India, It has been found that Google IP addresses have been responsible for deliberate vandalism of OpenStreetMap data. While it is unlikely that this was a deliberate or coordinated attack by Google HQ on thecompetition, multiple such reports does raise the question of whether or not Google has become too big to effectively enforce its 'Don't be evil' philosophy across its massive organization."

As the person who (in my role as an OpenStreetMap system administrator) first discovered this `incident' let me start by saying that I consider this post to be grossly irresponsible and wholly inappropriate.

The board of OSMF are making mountains out of tiny pimples here. It seems that they want this to be some sort of organised corporate malfeasance on the part of Google which is why they have tried to link it to the recent Mocality incident where there was indeed clear evidence of such behaviour.

The reality in this case is that there is no evidence that this is any different to the numerous other incidents we get all the time where users either accidentally or deliberately make bogus edits. The only difference in this case is that there happen to be two accounts (though we do not know if that is two people) and the user or users involved happen to (presumably) work for Google.

That is the sum total of what we know, and on the back of that, and without approaching Google at all, two leading board members have decided to reveal personal information about two of our users.

It seems to me that this is just an attempt to get some cheap publicity by trying to like the project to the Mocality incident, and I cannot support such behaviour....

Only two of the seventeen accounts mentioned appear to have done anything identified as improper, and we have no idea how many of those accesses relate to those accounts or indeed to signed in vs not signed in users.

Trying to read that as meaning that there have been 100,000 instances of vandalism is completely misleading.

One of the blog post authors is Steve Coast from Microsoft Bing Maps. Plus, the OSMF is claiming this post is a personal communication and does not represent the position of their board. So, the whole thing is starting to sound very suspicious.

Note that Evil Microsoft permits OpenStreetMap to trace its aerial photography to generate maps, and uses OSM data, and cooperates in several other ways with OSM, while Don't-Be-Evil Google tries to pretend that OSM doesn't exist and pushes Android handset makers to include Google Maps instead of an OSM app (in spite of the fact OSM has more detailed maps everywhere I've tested them) and does not share any of their mapping data - including user-provided data - with the community.

... Don't-Be-Evil Google tries to pretend that OSM doesn't exist and pushes Android handset makers to include Google Maps instead of an OSM app (in spite of the fact OSM has more detailed maps everywhere I've tested them) and does not share any of their mapping data - including user-provided data - with the community.

1. Is there evidence that any handset makers wanted to use an OSM app, but Google prevented them from loading the OSM map? I noticed that my handset came preloaded with Google Maps and a third-party GPS app.2. Users are free to provide their own map data to OSM. Is the problem that Google doesn't accept user data under a license that would allow Google to freely redistribute the data?

In other words it could have been.An honest mistake.Of course what really bugs me about all of this is that when people talke about the 3 strikes law I hear people say time and time again... IP addresses are not identity.IP addresses can be spoofed as can mac addresses.

Does Google offer guest Wi-Fi access at any of their locations? Does anyone in Google run a Tor exit node? Are there any live jacks in Google meeting rooms? Do they NAT multiple internal addresses?

It's one thing to confirm suspicions by setting up a honeypot phone number like Mocality did, and then receive calls from people identifying themselves as being from Google. It's quite another to only point to an IP addresses and place blame with no further evidence.

No, they don't be evil, which is less restrictive, merely requiring that good - evil > 0

Bollocks, morality doesn't work like that. An act is either good, bad or neutral on its own merits and for every particular case. If Gandhi had once tortured a puppy to death for the lulz you wouldn't excuse it because he did a lot of good elsewhere.

It could have been, but rather doubtful that someone (or someones) with true good intentions would change street info in cities thousands of km away and repeatedly be wrong in their changes. Particularly since this "honest" mistake comes from the same IPs as the Mocality "hackers" within a week or so of those incidents being exposed.

Of course what really bugs me about all of this is that when people talke about the 3 strikes law I hear people say time and time again... IP addresses are not identity.IP addresses can be spoofed as can mac addresses.

Corporate IPs are far more likely to be static than residential IPs. Corporate IPs are far more likely to have IT staff ensuring the hardware isn't part of some botnet, etc.

Alternatively, it could simply be that google aren't as pro-open as they like to put across. Just like all big companies, they're pro-open when they're falling behind in the development race (e.g. android when it was first out), and pro-closed when they're way ahead of the competition (maps, search, android's increasing restrictions now).

Why would you think they are pro-open? Google Maps implemented its own user-submitted-content system and doesn't share this with the wider community. In contrast, MapQuest and Bing Maps both cooperate with OSM and provide them with data.

They're also not ahead of their competitors. I was looking for a place near the station in my home town a while ago. On OSM, the building is numbered. On Google Maps, the road that the building is on was completely missing. If you look at the Google Map of Paris, yo

I do appreciate that you think the OSM maps are of better quality. I am involved with it but at times I find them lacking but have been working to improve them in my city as well as in areas where I hunt. It seems that the coverage of Europe is by far better than in the US.

Being somewhat behind in my hip memeological studies, I had to look this up, and it is clearly a total load of bollocks concept intended to bolster right wing ideologies of selfishness with a pseudo-scientific rationale.

I was going to link to Wikipedia but it is on strike for a day, however no doubt as it is a right wing concept most people on slashdot are familiar with it already, and indeed probably use it as a bumper sticker.

it replicates itself through advertising and marketing and stupid hosts. once it installs on some computer, it doesnt go away unless wipe the thing clean with a format.

i installed it once in 1996 or something. the shock was so great that i have never, ever used anything that was remotely affiliated with norton. what's more appalling is that, they have not changed their behavior since the passing 14 years.

At least one AV maker used to brag about this semi-publicly in the 80s when (at least here) it wasn't a crime. I fail to believe no one does this today too -- especially that authorship of a virus is damn hard to prove and an AV maker will legitimately have samples of hundreds or thousands of viruses, including commented assembly.

While I deplore the act of writing viruses, I can't say I wholly condemn anti-virus companies for doing so if they do/did so. For a long time, companies would sweep vulnerabilities under the carpet and avoid fixing them. Having exploits in the wild was the one way to grab their attention (and, if you go back far enough, even with a sample exploit you were more likely told to shut up than be lauded). So as a result, we overall probably have better systems security now than we would have otherwise, because th

OpenStreetMap is a very good project, it is basically the Wikipedia of Maps. Wikipedia even links to OpenStreetMap when you look up co-oridnates for articles such as cities. It can also be more up-to date in areas that are having heavy construction. For example a major new bypass road was built in my city and it was added to OpenStreetMap the day it opened. Google maps still doesn't have it even a year later.

Support OpenStreetmap, I hope they do a SOPA blackout to show how useful they are in places where Go

On the same blogpost,Tom Hughes said...As the person who (in my role as an OpenStreetMap system administrator) first discovered this `incident' let me start by saying that I consider this post to be grossly irresponsible and wholly inappropriate.The board of OSMF are making mountains out of tiny pimples here. It seems that they want this to be some sort of organised corporate malfeasance on the part of Google which is why they have tried to link it to the recent Mocality incident where there was indeed clear evidence of such behaviour.

The reality in this case is that there is no evidence that this is any different to the numerous other incidents we get all the time where users either accidentally or deliberately make bogus edits. The only difference in this case is that there happen to be two accounts (though we do not know if that is two people) and the user or users involved happen to (presumably) work for Google.

That is the sum total of what we know, and on the back of that, and without approaching Google at all, two leading board members have decided to reveal personal information about two of our users.

It seems to me that this is just an attempt to get some cheap publicity by trying to like the project to the Mocality incident, and I cannot support such behaviour.

Also saysTom Hughes said...I am told that this posting was in fact made in a personal capacity and as such any suggestion on my part that it represents an official position of the OSMF board is incorrect and should be disregarded.

Only two of the seventeen accounts mentioned appear to have done anything identified as improper, and we have no idea how many of those accesses relate to those accounts or indeed to signed in vs not signed in users.

Good point. Fairness would be to first ask google for a position, maybe it was indeed just a rogue individual, or a mistake or whatever.

but then comes the first question: how would one actually accomplish this feat, i.e. to "approach" google. Complaint addresses are exceedingly difficult to find, and those that are there don't seem to be manned. So it seems to me, the only solution does indeed be to skip the "let's discuss this first" step, and go directly to the press. Google, if you don't like this, then please become more "approachable", and people will approach you before badmouthing you in public.

MeaCulpa.. I just saw an example of it too; it's not great.. Kind of assumes you are reporting a gmail user; doesn't seem to afford anything for the google.com domain at all. And a whois on it does not reveal any addresses apart from their DNS admin account.

Searching 'Report google.com abuse' also just turns up pages of info on how to report gmail users or malicious apps; nothing to do with the network side of things.

Apart from anything else this is a foot-shoot for Google; it means that if you have a Goog

How about this? [google.com] I see a phone, fax and mailing address for each of their locations. I find it hard to believe that if you send a FedEx with ATTN: Legal Department you won't get a response.

It seems completely understandable how they wouldn't offer an easily-findable email address, since doing so would immediately result in a thousand emails a minute containing profanity and death threats because the personal website of John Smith #2945 is not on the first page of search results for "John Smith" etc., which w

I promise you there are multiple published phone numbers that will get you to a live person working or affiliated with Google who can escalate the issue internally to the right person.

Great! Can you post some of these numbers? Most numbers unfortunately connect to some helpless receptionist who doesn't understand any technical question, much less knows whom to escalate it to internally.

Call the Google Apps Premiere sales line idiot.

Can you give me the phone number of this "sales line idiot"? Will he be able to help me, or will he just pretend that my request is not worth following up because "You're the first customer having a problem of this kind" or other such excuse?

Because it is. While ICS had a delay, the source *IS* now available to everyone. Whether you consider the Cloud to be Android might have merit, as SaaS Clouds typically are not "open" in the traditional sense.

The larger organizations get, the harder it becomes to enforce whatsoever organization-wide. They acquire their own dynamics; one of the most important of that self-perpetuating dynamical processes & characteristics is mediocrity. Doing bad things, or at least a readiness in some individuals to do them, is part of that mediocrity. It is similar to what made many IBM products almost too complex to use, and an ungovernable mastodont out of, say, Bell and IBM, as corporations. I personally noticed the same

Changing a few entries in map data is unlikely to make anyone choose it or not (since no one is likely to notice). By contrast, accusing a competitor of doing so is far more likely to make it into the media and cause damage to the company's reputation, which provides a substantial disincentive for that company to have actually intentionally tried to damage the competing product and risk the accusation.

Of course, it also provides a substantial incentive for the competitor (whether Microsoft or OSM itself) to

It may be for the best: Any driver capable of ignoring the street signs indicating a one way street is in need of having their license revoked, and that is the sort of thing that police take notice of (unlike various other, equally dangerous things that bad drivers do on a regular basis).

Depends. Let's say someone in my office, connected through our wired network, had done this. Then the IP address would most likely lead to my office and therefore to my company, and OpenStreetMap would be quite justified to say "someone at XXX did this". Since I work for a company that has a reputation to lose, I'd say it is quite possible that my company would shortly afterwards say that an ex-employee was responsible.

Hmmm... do most network configurations restrict IPs to a certain computer/ethernet port? I'm rather unaware as to how most corporations setup their networks. Would there be something that would stop me from powering off somebody's computer and using their IP?

Which is still useless for all but the casual wrong-plug fault, because anyone actually breaking your network security can emit any MAC address they want. So they just need to intercept a couple of frames before switching to th

You really ought to know the answer to this by now. But if not, I'll remind you... it depends.

If something bad has been done to you, and you have an IP address, and that IP address has been said to be owned by a person (be it the person who pays the cable modem bill, the company that owns the free WiFi, etc.)... then yes, an IP address clearly and uniquely identifies the responsible party. The letter your lawyer wrote up to send to the person to demand compensation *clearly* states that, after all.

However, when notified of malevolent behavior from an IP address you own, you should have some explanation for who/what may have been responsible. Which may be as simple as open WiFi or as complex as Russian and Chinese hackers. Or bad corporate policy.

Indeed, and it's certainly one that they've made almost no attempt to live up to for well over half a decade. I seem to remember the first time I called google evil was back in the early noughties, when it became clear they had no intention to deliver on their promises regarding the buyout of dejanews and acquisition of other usenet archives, and provided a thoroughly inferior service. (So much so, that I take almost every opportunity possible to say googlegroups sucks now.)

As others have pointed out, this seems to be a storm in a teacup. If it leads to more participation in OSM, however, it'll be a good thing. I recently installed the Navfree android app (free onboard maps GPS, there's an IOS version too), and noticed a number of small inaccuracies in my neighborhood. Correcting them was really pretty easy; the maps around me already seem pretty usable, and with a bit more tweaking will be as good as any of the commercial alternatives. When I had first looked at it a couple of years ago the maps around me were pretty dire, so they've come a long way. House numbering seems to be the big remaining issue for navigation system use.

That's kinda why I posted; I only discovered it myself a couple of days ago and I like it - I have a wifi only Android phone so I am happy to have something free which has the maps stored locally. If you have 3g data the Google maps are good, but Navfree works for me. The last map update seems to have been in December so I hope they'll grab the updated OSM data sometime soon & I can see my changes reflected there.

...looks like it is ad-supported or $9 a year -- pretty steep for an OpenStreetMap user. There is plenty of other projects out there [openstreetmap.org] The question is -- are any of the open source ones usable?

IP addressed do give out their identity, just not, usually, enough to narrow down to a person that actually performed the action. If it is part of a static block owned by someone, you know it is was used somewhere within their network (unless you suspect the IP was faked at the BGP level, and the attacker is skilled enough to perform it, and what was gained is significant enough). To narrow it down to the person that actually performed it, you would need the logs of all network activity, which associates ne

Google used to have a product called "Google Web Accelerator" which was, essentially, a Google proxy that operated similar to the idea behind Kindle Fire: Make the proxy crunch images and the like to make the browser work faster.

While using it, I noticed that IP reporting sites would all show that I was coming from Google in Mountain View, CA.... who's to say that a savvy vandal simply isn't using GWA?

Sorry, but "starting to" suggests Google's recent actions are somehow different or new. Google has been deliberately and willfully evil for years now. If memory serves, Google has revealed the names of Chinese dissidents in the past [wordpress.com] (single citation being used, though going back you do find more), and gleefully gave in to the Chinese government too many times to cite all of them, all in the name of a bit of dosh.

Why is ANY of this a surprise? Companies that have a great product, a great service, that los

If Google is doing this, it's not good. However, when you think about it... If a map CAN be defaced, can it be reliable? Perhaps they need some sort of moderated change system. This system need not be heavily reliant on human oversight. But for something that need be authoritative, changes should be controlled.

Google has little, if any, financial interest in map data. They buy all of it from sources like NavTeq and GDI. I suspect Google could replace these sources with their own collection efforts - if they wanted to. It is a huge task and to do quality work takes a lot of effort. It would appear that Google would rather buy than build.

Now, if someone found NavTeq screwing with someone's map data I could understand. They have a huge financial interest (as in the whole company) in map data and being the prima

Incredibly there is lots of money in the Mapping, lots of income. Someone in Google probably saw OSM as a potential competitor and decided to do mischief. If you change the directions of one way streets that is dangerous. Especially if say Google was starting to use their map database to do not only directions but automobile autonomous control. Those kind of changes would sabotage anyone else's attempt at doing the same kind of project because the liability would be too high.

Is OpenStreetMaps a credible competitor to Google Maps? I've only used their data for maps in the Caribbean where it is okay, but leaves a lot to be desire (which is reasonable since there is likely less of a crowd to source from). Is it better in the US?

I agree, I like the idea of OpenStreetMaps, but I'm not really sure that it's at the point where it can compete with Google Maps. Which is why if this article were true it would be so stupid. Or perhaps brilliant, sabotage the competition before anybody thinks they're competitive.

It's great in Europe. Major cities have fantastic detail, far better than Google maps -- footpaths, cycle paths, phone boxes, every bus stop, name/number of every building, etc. Last time I looked (2 years ago?) the place my parents live (small village in England) was just a couple of main roads, but since then someone has filled in the rest of the roads, and the public footpaths, electricity pylons, etc. Google still have "Xxx Road" instead of "Xxx Street" for the road my parents live on, which sometimes

OSM and GMaps will only ever compete in certain areas of use. What makes OSM great is (for the time being) not its renderer(s) and certainly not its search but the free availability of the underlying data that allows uses way beyond a mere street map. What makes GMaps greats is certainly not the timeliness, accuracy and level of detail of their spatial data but the interconnection with any other information you can google. Which is exactly why I doubt that Google deliberately attacked OSM: People go to Goog

I've only used it in the UK, France and Belgium, and in all of these places Google Maps is a joke in comparison. The level of detail on OSM is so much better that it astonishes me that anyone would use Google Maps. If OSM isn't any good in your locale and you have a phone with GPS, maybe you should think about contributing...

It's not the level of detail, it's other things like the lack of a satellite view and how Google Maps has translations of place names in China whereas OSM doesn't. Satellite view doesn't seem to be important until you find yourself trying to figure out where you're going and you realize that knowing what things look like roughly is a huge help.

Shouldn't think of them as competitors. My neighborhood exists in Google Maps because I added it to OSM using the JOSM tool, tracing Yahoo satellite images (which was allowed at the time, no idea if it still is).

Google apparently consults the OSM data. The rule with OSM is you have to do it yourself, or use an open data set. So pretty much anyone can use it. Google used several of the major commercial data providers for a while, not sure if they own everything in-house at this point.

Depends on the area. Besides an individual can do a lot with them. Most of the things shown in Apple Valley, MN [openstreetmap.org] that aren't large bodies of water or roads were added by me. This includes buildings, places, parking lots, parking isles, fences, walls, smaller bodies of water, corrections to roads, land use, sports fields, schools, trails in the parks, power lines, water towers, park & rides, sub stations, etc. As others have mentioned there can be a lot more data given what people have tagged it with.

Well thought-out, including links, bashing Google, calling for Google to be broken up.

Just to be clear, you're criticizing the fact that you believe someone will post something well thought-out and sourced with links. The horror!

Notice how the very first post to this negative story on Google is a defensive, accusatory post intended to distract people from the story by turning everyone against anyone who will be critical of Google. You don't like the position someone will take on Google, and so that automati

This is why I always scroll to about halfway down the comments before reading. The first post (and replies) is always unrelated and pointless. The last ones are unfunny jokes that are often the same as the unfunny jokes half-way down the comments, except that the poster couldn't be bothered to read the comments before posting so only about the middle half of the comments are of any relevance whatsoever.

I, too, have posted things critical of Google in the past and had this same anonymous person track all my posts.

This is a real problem. Slashdot should be limiting the number of downvotes someone can give another user's posts within a time period. There's clearly assholes who just go through someone's history downvoting everything because of some perceived affront to their delicate sensibilities.

Sorry but isn't some Google bashing due here? And for that matter MS and FB don't figure here so why would you expect them to get mentioned? Predicting reasonable reactions doesn't make them trollish, just predictable.

Anyway if we wanted to know if this TechGuys is a MS/FB shill wouldn't it be enough to ask him: "Hey TechGuys, do you think MS/FB behave ethically?". Anything other than a negative would indicate such.

You have no opinion on it, yet you came into the thread to... what, check if the first comment was an anonymous attack on you so you could defend your good name? Come off it - you were clearly up for another anti-Google rant and are just acting affronted now that you've been caught out ahead of time. How is this kind of shilling not illegal?

Yeah, any criticism of Google can only be by a paid shill. Just fuck off. I am getting fed up with the shrill chorus of "shill! shill!" on slashdot everytime anyone criticises Google or Apple, or makes a comment about Microsoft that doesn't equate them with Satan

Also, I love how on slashdot everyone defends the absolute freedom of speech for neo-Nazis to dress themselves up in SS uniforms and call for racist genocide or whatever, but as soon as someone criticises poor little Google, that speech should